我有这个PHP代码。我序列化了一个Foo类,得到了输出'O:3:“ Foo”:2:{s:6:“ Fooa”; b:1; s:6:“ Foob”; s:9:“ rogthedog” ;}'。当我哈希此序列化的输出时,它与字符串本身的哈希值不同。序列化的输出不应该是等效于'O:3:“ Foo”:2:{s:6:“ Fooa”; b:1; s:6:“ Foob”; s:9:“ rogthedog”的字符串;}'?
<?php
/* Write your PHP code here */
class Foo {
private $a = TRUE;
private $b = 'rogthedog';
}
$c = new Foo;
echo(serialize($c));
# This returns 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'
echo(hash('sha256', serialize($c)));
# Not the same as!
echo (hash('sha256', 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'));
答案 0 :(得分:2)
从理论上讲,如果只采用可见字符,但是php还添加了不可写字符,这是正确的。我为您准备了一个示例,从您的代码开始,该代码显示了放置不可见字符的礼物。然后我用那些字符和灰烬游戏恢复了字符串
<?php
class Foo {
private $a = TRUE;
private $b = 'rogthedog';
}
$c = new Foo;
echo(serialize($c));
# this shows all the characters
echo("\n\n");
$test = str_split(serialize($c));
foreach ($test as $char) {
echo $char."->".ord($char)." || ";
}
echo(hash('sha256', serialize($c)));
echo("\n\n");
$test2='O:3:"Foo":2:{s:6:"'.chr(0).'Foo'.chr(0).'a";b:1;s:6:"'.chr(0).'Foo'.chr(0).'b";s:9:"rogthedog";}';
echo (hash('sha256', $test2)); // YES !!!